Any errors encountered while comparing the schema are written to the error file (err.ldf in the example). You do not need to log in to perform this operation unless one of the servers requires authentication in order to read the Root DSE. Microsoft Active Directory requires authentication to read the Root DSE.

Step 2: Rectify the error LDIF file to eliminate the errors

Sun ONE defines some schema definitions publicly that eDirectory does not. These include attributes such as "objectClasses", "attributeTypes", "ldapSyntaxes" and "subschemaSubentry". These definitions exist internally and are very important to the schema, and therefore they cannot be modified. Operations that try to modify these definitions result in the following error:

LDAP error : 53 (DSA is unwilling to perform)

Any records that contain references to these definitions cause the following error:

LDAP error : 16 : ( No such attribute )

Thus, records that contain any reference to these objects or that try to modify these definitions need to be commented out in the LDIF error file (err.ldf in the example).
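One way to find and comment out those records, as an added example that is not part of the original documentation: it matches on the NAME, MUST and MAY fields of each definition rather than on plain text, because in the layout assumed here every schema record carries an `add: attributeTypes` or `add: objectClasses` line. The `cn=schema` modify layout of err.ldf, the sample records and the function names are assumptions.

```python
import re
# Definitions the page lists as internal to eDirectory (compared lowercased).
PROTECTED = {"objectclasses", "attributetypes", "ldapsyntaxes", "subschemasubentry"}

# Constructed sample; the cn=schema modify layout and the OIDs are assumptions.
SAMPLE = """\
dn: cn=schema
changetype: modify
add: attributeTypes
attributeTypes: ( 2.5.21.5 NAME 'attributeTypes' DESC 'constructed' )
-

dn: cn=schema
changetype: modify
add: objectClasses
objectClasses: ( 1.3.6.1.4.1.99999.1 NAME 'exampleClass' SUP top
  MAY ( cn $ subschemaSubentry ) )
-

dn: cn=schema
changetype: modify
add: attributeTypes
attributeTypes: ( 1.3.6.1.4.1.99999.2 NAME 'exampleAttr' )
-
"""

def touched_names(record):
    """Names a record defines (NAME) or lists (MUST/MAY), lowercased."""
    names = set()
    unfolded = record.replace("\n ", "")  # join LDIF continuation lines
    for line in unfolded.splitlines():
        attr, _, value = line.partition(":")
        if attr.strip().lower() not in ("attributetypes", "objectclasses"):
            continue  # skips dn:, changetype:, add: and the "-" separator
        value = re.sub(r"DESC\s+'[^']*'", "", value)  # ignore free text
        for m in re.finditer(r"\bNAME\s+(\([^)]*\)|'[^']*')", value):
            names.update(n.lower() for n in re.findall(r"'([^']*)'", m.group(1)))
        for m in re.finditer(r"\b(?:MUST|MAY)\s+(\([^)]*\)|[\w.;-]+)", value):
            names.update(n.lower() for n in re.findall(r"[\w.;-]+", m.group(1)))
    return names

def comment_protected(ldif_text):
    """Return (text, count) with each offending record turned into '#' comments."""
    out, count = [], 0
    for record in re.split(r"\n{2,}", ldif_text.strip("\n")):
        if touched_names(record) & PROTECTED:
            record = "\n".join("#" + line for line in record.splitlines())
            count += 1
        out.append(record)
    return "\n\n".join(out) + "\n", count
```

Review the commented records before importing the file again; the script only marks them and leaves every other record byte-for-byte unchanged.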

Some objectClasses definitions in Sun ONE do not have naming attributes. Adding these objectClasses would result in the following error in eDirectory:

LDAP error : 80 (NDS error: ambiguous naming (-651)

This error occurs because Sun ONE does not use the same method for determining naming rules as eDirectory.

To solve this, you can use any one of the three following options:

Option 1:

Go through each of the offending objectClasses and add a valid naming attribute to each of them.

For example:

To add the naming attribute [ cn ] to the objectclass "netscapeMachineData", modify the entry (emphasized in the example below) in the err.ldf file to include the X-NDS_NAMING flag, as shown below: